You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

I've Been Infected With Winspyware 2007

Hello, I hope someone can help me. Yesterday, I was infected with Winspyware 2007. I panicked and I tried to repair Windows, but that didn't work. I'm currently on safe mode, so can someone help me get rid of this problem. I wanted to know if I restore Windows completely will it get rid of the problem. Please help find a way to get rid of this problem without losing my files. Thanks a million!

First of all, First of all, you didn't unzip/extract hijackthis.. and it's still in the tempfolder.So I strongly advise to unzip/extract hijackthis.zip.Read here how to unzip/extract properly:http://metallica.geekstogo.com/xpcompressedexplanation.htmlCreate a permanent folder and move hijackthis.exe into it. The reason is because hijackthis creates backups and when it's in your temp-folder it can be accidentally deleted.How do you make a permanent folder:

Click My Computer, then C:\ and then on Program Files.In the menu bar, File->New->Folder.That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.

Then, I see you have Viewpoint installed...Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Extra note, I notice from the log that there are running more than one different Anti-Virus programs. McAfee and Norton Antivirus.Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously! The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time. Also because more than one Antivirus and Firewall installed are not compatible with eachother, it can cause system performance problems and a serious system slowdown.

So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.Then reboot after uninstalling.

After reboot, * Download Combofix to your desktop.Doubleclick combofix.exeFollow the prompts.Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Post this log in your next reply together with a new hijackthislog.Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

This is strange - I thought you already replied and I replied once again with instructions...Now it seems like these posts are removed.Can you post a new HijackThislog please, because I know the combofix log you posted previously was OK again...

I already see now what happened:

Important Announcement:

Due to a problem in our backup procedure, the database for the forums became corrupt. Unfortunately this means that we had to revert the database to an earlier backup from around 10am Eastern on June 13th 2007.

We sincerely apologize to all those who have lost any information that they may have posted and for any posts that you may have to do over. Please be assured that measures are being put into place so that this does not happen again. If you had previously received help in one of your topics, you may want to respond back to it so that that helper knows about it.

Thank you for all your help. I will definitely read the prevention page!

I'm just a little paranoid. So the malware is completely removed? Can I securely go to websites without the fear that my personal info is being spied on, at least not by the malware that infected my computer this time? Sorry for the uncertainty. Thanks again for all the wonderful work you've done!

Yes, you should be OK now. Just perform another scan with your Antivirus to get rid of some leftovers if still present. Don't worry if it still finds some leftovers though, this is normal, but this time they should be able to delete it without any problem since we killed/deleted the active infection.

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.